
Reactive vs. pro-active kernel security

Posted Jul 15, 2011 2:40 UTC (Fri) by naptastic (guest, #60139)
Parent article: Reactive vs. pro-active kernel security

I sense a common theme here: buggy userspace programs create security holes and some groups of people would like the kernel to make those kinds of holes impossible.

What if these kinds of fixes were config options, default off, with big scary warnings about performance penalties when configured on, and then they **warn** about unsafe behavior by userspace programs, so that, in the perfect world where I live, administrators will test programs thoroughly, see that they're unsafe, and file bug reports with the programs' maintainers, who will happily and quickly fix their buggy userland code and push updates to the distributions?

Reactive vs. pro-active kernel security

Posted Jul 15, 2011 3:39 UTC (Fri) by dlang (subscriber, #313)

Again, if someone can show that there is a real problem (i.e. it is possible to exploit this), then a fix gets put in, no matter what the performance cost.

The cost of these things isn't just performance, it's also maintainability (especially if you end up with multiple paths due to this being a configurable option).

Reactive vs. pro-active kernel security

Posted Jul 15, 2011 5:53 UTC (Fri) by naptastic (guest, #60139)

Sorry; I thought one of the points of the article is that some pro-active security measures (I think of them as prophylactic or preventative) are unpalatable to kernel developers, but would remove avenues for abuse by buggy user-space programs; removing symlinks in sticky directories is one example.

I understand and agree with the rejection of these kinds of patches: it's not the kernel's job to fix user-space bugs. But as an option, under debugging or something, could it at least warn, "Hey, app developer, you've left a potential security hole"?

Maybe there's a better way to do this?

Reactive vs. pro-active kernel security

Posted Jul 16, 2011 6:29 UTC (Sat) by djm (subscriber, #11651)

No. copy_in/out errors are kernel-side problems that can be exploited by userspace to steal or corrupt data in the kernel. There have been quite a few in Linux over the years, so some protection there is worth considering and not dismissing out of hand.

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds